I came across an interesting article in the Wall Street Journal regarding recent advancements by cybercriminals to attack small businesses with ransomware, essentially using malware in bogus emails to freeze SMB computer files and demand a ransom to unlock them. You may recall we have reported on this before, dating back to 2013, but it appears this threat is becoming more widespread and commonplace for SMBs, further stressing the need for robust data security and data backup plans. Here is the article from WSJ:

More small businesses are falling victim to “ransomware,” in which malicious code locks up computer files and cybercriminals demand a ransom to free them.

Mark Stefanick, president of a small Houston-based firm, Advantage Benefits Solutions, was shocked when one of his consultants suddenly found his work computer locked. Within hours, rogue computer code had spread from the consultant’s computer to the server and backup system at the firm. The code encrypted the claims information and financial data.

A ransom note popped up on the infected computer: Pay $400 within 72 hours to unlock the data.

Mr. Stefanick’s first thought was to ignore the ransom demand and regain access to the files on his own. But then his firm’s IT provider said it would take “thousands and thousands of hours of running software” to try to break the code on the encryption.

“They set the ransom so low that, as violated as I feel and as much as I wanted to fight, at the end of the day I realized I can pay and get back to work,” he said.

To recover Advantage’s data, Natalie Stefanick, marketing manager for her father’s company, drove to a nearby Walgreens, pulled a MoneyGram gift card off a rack and asked the cashier to load $400. Within 30 minutes, a program that unencrypted the data began to run.

In the end, no data was stolen and there were “no confidentiality breaches,” according to Mr. Stefanick. It was about 72 hours before the company was fully back and running and about two weeks before everything was put back where it belonged, he added.

About 30% of ransomware victims pay to regain their data, estimates Tom Kellermann, chief cybersecurity officer for Trend Micro Inc., an Irving, Texas, cybersecurity firm.

Intel Security, a unit of Intel Corp., said it reviewed more than 250,000 new ransomware samples in the fourth quarter of 2014, up 155% from the previous quarter. And the Internet Crime Complaint Center, a partnership between the FBI and the nonprofit National White Collar Crime Center, said businesses and individuals submitted 2,275 ransomware complaints from June 1, 2014, to March 31 of this year, with reported losses totaling more than $1.1 million. Ransomware can target more than 230 different types of computer files, up from 70 in 2013, according to Bromium Inc., a Cupertino, Calif., information-security firm.

Michael W. Cocanower, owner of itSynergy, an IT consulting firm in Arizona that works with many small businesses, says he has seen a resurgence of ransomware in the past three to six months. He tells clients that the first step is to disconnect the infected computer from their network immediately. The infected computer must also be scrubbed and other computers need to be checked as well.

One of Mr. Cocanower’s customers, CoValence Inc., a Chandler, Ariz., maker of private-label skin-care products with roughly 100 employees, has been hit with four ransomware attacks in the past six months. A backup system prevented the loss of data, but the attacks “caused a lot of anxiety,” says John Dennison, the company’s IT manager.

After the last attack, CoValence upgraded its Internet security protections. It also now regularly reminds employees to be on the lookout for fraudulent email.

Small businesses can be particularly vulnerable because they often have less sophisticated computer defenses. Some 80% of small and medium-size businesses don’t use data protection and less than half use email security, according to Intel Security. Overall, 23% of recipients open phishing messages used to transmit ransomware and other malware, according to a data-breach report released Wednesday by Verizon Enterprise Solutions, a unit of Verizon Communications Inc. An estimated 11% click on the attachments, according to Verizon.

Read the rest of the WSJ article HERE.